Auditing Level (QAUDLVL)
The Auditing Level (QAUDLVL) system value along with the QAUDLVL2 system value determines which security-related events are logged to the security audit journal (QAUDJRN) for all system users.
You can specify more than one value for the QAUDLVL system value, unless you specify *NONE.
For the QAUDLVL system value to take effect, the QAUDCTL system value must include *AUDLVL.
Note: This system value
is a restricted value. See Security
system values for details on how to restrict changes to security system
values and a complete list of the restricted system values.
*NONE | No events controlled by the QAUDLVL or QAUDLVL2 system values are logged. Events are logged for individual users based on the AUDLVL values of user profiles. |
*NOTAVL | This value is displayed to indicate that the system value is not available to the user because the user does not have either *AUDIT or *ALLOBJ special authority. The system value cannot be set to this value. |
*AUDLVL2 | Both QAUDLVL and QAUDLVL2 system values will be used to determine the security actions to be audited. |
*ATNEVT | Attention events are logged. |
*AUTFAIL | Authority failure events are logged. |
*CREATE | Object create operations are logged. |
*DELETE | Object delete operations are logged. |
*JOBBAS | Job base functions are audited. |
*JOBCHGUSR | Changes to a thread's active user profile or its group profiles are audited. |
*JOBDTA | Actions that affect a job are logged. *JOBDTA is composed of two values, which are *JOBBAS and *JOBCHGUSR, to enable you to better customize your auditing. If both of the values are specified, you will get the same auditing as if just *JOBDTA is speicified. |
*NETBAS | Network base functions are audited. |
*NETCLU | Cluster and cluster resource group operations are audited. |
*NETCMN | Network and communication functions are audited.
*NETCMN is composed of several values to enable you to better customize
your auditing. The following values make up *NETCMN:
*NETBAS |
*NETFAIL | Network failures are audited. |
*NETSCK | Socket tasks are audited. |
*OBJMGT | Object move and rename operations are logged. |
*OFCSRV | Changes to the system distribution directory and office mail actions are logged. |
*OPTICAL | Use of Optical Volumes is logged. |
*PGMADP | Obtaining authority from a program that adopts authority is logged. |
*PGMFAIL | System integrity violations are logged. |
*PRTDTA | Printing a spooled file, sending output directly to a printer, and sending output to a remote printer are logged. |
*SAVRST | Save and restore operations are logged. |
*SECCFG | Security configuration is audited. |
*SECDIRSRV | Changes or updates when doing directory service functions are audited. |
*SECIPC | Changes to interprocess communications are audited. |
*SECNAS | Network authentication service actions are audited. |
*SECRUN | Security run time functions are audited. |
*SECSCKD | Socket descriptors are audited. |
*SECURITY | Security-related functions are logged. *SECURITY
is composed of several values to enable you to better customize your auditing.
The following values make up *SECURITY:
*SECCFG |
*SECVFY | Use of verification functions are audited. |
*SECVLDL | Changes to validation list objects are audited. |
*SERVICE | Using service tools is logged. |
*SPLFDTA | Actions performed on spooled files are logged. |
*SYSMGT | Use of systems management functions is logged. |